Google Meet “Bombing”? Yes, it’s a thing … sort of

UPDATE 7/14/20: As of 7/13/20, Google has made a change where anonymous users (users not signed in with a Google account) cannot join any meeting organized by a user tied to a domain with a G Suite for Education or G Suite Enterprise for Education license. More info on Google’s G Suite blog.

After it was first learned that with some success that people could predict Zoom meeting IDs and “bomb” the meeting, I was curious if it were possible to likewise have someone do the same in Google Meet. Just recently, we had our first instance of someone with an inappropriate name joining one of our school’s Google Meets, but how it happened was not because of a technological glitch or “guessing” the meeting code … While this may be possible in future, this post addresses a specific scenario when a Google Meet organizer allows a Google account outside your domain to join a meeting.

To avoid peppering this post with references to bombs and “bombing” when referring to undesired Google Meet participant entry, I am going to refer to the act simply as “sleuthing”, or to the individuals themselves as “sleuths”. I’ve grown to love this word, and since the object ultimately is to discover and gain access to a meeting this just makes sense to me.

TL;DR: If a meeting organizer allows a Google account outside your domain to join a Google Meet, the organizer is never prompted again to approve/prevent this same Google account from joining that particular meeting.

UPDATE 5/20/20: If a Google Meet organizer shares the dial-in phone number and PIN along with the meeting ID, anyone with the phone number and PIN can join the meeting without any approval whatsoever.

Click past the jump for more info.

Read More